Post subject: Re: Nasty program called xVidly, how do I get rid of it?

Posted: Wed May 29, 2013 5:01 am

Patron of SPCR

Joined: Wed Dec 15, 2004 12:00 pm | Posts: 3307 | Location: Essex, England

The only truly effective way to virus scan a machine is to pull the drive out of it and scan it on another machine. That is where I would suggest you start as there is a good chance that there is a virus as well as malware on your machine.

With some anti-malware programs (e.g. MBAM Free) you can also scan individual drives and as such you can scan your infected drive from another machine.

Post subject: Re: Nasty program called xVidly, how do I get rid of it?

Posted: Wed May 29, 2013 5:23 am

Joined: Fri Mar 14, 2008 5:18 am | Posts: 613 | Location: London, UK

andyb wrote:

The only truly effective way to virus scan a machine is to pull the drive out of it and scan it on another machine. That is where I would suggest you start as there is a good chance that there is a virus as well as malware on your machine.

First and foremost, don't go to any website that offers "free" TV shows to stream. You'll be forced into options you don't want, and odds are the episodes you want won't be free.

OK, so I ended up with xVidly (the swine and unintentionally) and stuff that insisted on hijacking my browsers. I had some add-ons that could not be deleted or disabled (I fixed the FireFox add-ons by removing it and reinstalling it). My home page was being reset to their page constantly. Arses. My path to salvation:

1. Spybot first, removed a lot of stuff, but still had ads that I did not want that were not from Google on my Google search page. It had such a hard time it could not remove everything and asked if it could reboot and continue running. Sure, the first run was 15 minutes, the second was 30+. It worked hard, but it wasn't done.

2. I managed to uninstall television fanatic, their version of free is to redirect you to Amazon for free, the actual TV episode is another story. Really? People pay $2/$3 to watch a show originally aired for free? When attempting to uninstall xVidly I got the spinning circle for 3 seconds and then nothing.

3. I ran CCleaner, which did stuff, but no overall change. It has an uninstaller, ineffective on xVidly.

4. I ran Malwarebytes. It found nothing, but I still had annoying ads. Including their ad, talk about lousy timing.

Some replies liked ADW Cleaner. No install, just download and run. I ran a search and got back the contents of several files, which mean nothing if you're not a highly experienced admin. I despise being hijacked, so I clicked on delete. It went to town, and deleted a mess of stuff. I tried my Google page and the ads were gone. No blinking ads on search results and crap like that.

An xVidly icon sat on my desktop; annoyed, I checked its properties and looked for the path. I don't know when it happened but its folder was gone. I canned the icon. It remains only on the Windows Uninstall Programs page. I can live with that. My old system had 2 entries on it from an ATI driver that was long uninstalled.

I'm bookmarking this thread for future reference.

The price I paid? Hours of frustration and some of my smilies on this page are now missing. And the horse you rode in on xVidly.

Yes, I am aware of malware and worse being able to hide on PCs, i.e. it's using the OS and file system against you. It seems pretty obvious that even when crap is hiding it has to exist somewhere, so it seems best to create an ISO image of your drive and just scan the whole thing. Don't know how you would actually get anything deleted with this approach, but I like the concept.

Thanks for the help.

Aris

We need a new general name for all kinds of "programs" that make a mess of your PC in whatever means they use. My suggestion is to call it suckware.

_________________
People who put money and political ideology ahead of truth and ethics are neither patriots nor human beings.

Post subject: Re: Nasty program called xVidly, how do I get rid of it?

Posted: Wed May 29, 2013 5:39 pm

Joined: Sun Sep 05, 2004 1:51 pm | Posts: 687 | Location: Gefle, Sweden

Free viewing of soccer/hockey games has been a great lure for the Reveton (also known as Ukash/Police virus) ransomware that's been fairly rampant over the last 12 months or so. I think it's quieting down now though, and a group has been busted a little while ago. Sometimes with late versions of that one you'd be lucky to get anywhere even with safe boot. So there are worse things out there.

Post subject: Re: Nasty program called xVidly, how do I get rid of it?

Posted: Thu May 30, 2013 6:51 am

Joined: Tue Nov 08, 2011 10:25 am | Posts: 56 | Location: Germany

@ aristide1

I wouldn't remove your hard disk (or SSD) and connect it to another PC because of the risk of infection.

As suggested above, the best option is to boot your PC from a Linux CD and scan your PC from that CD. Many firms offer downloads of standalone malware extraction .iso images that you can burn to a CD, such as Microsoft, Kaspersky, Bitdefender, etc.

But beware, there's a risk, especially if you download the image from a third party, that the image might be infected as well.

If the standalone option doesn't work, I see no way around nuking your hard disk (including all storage devices connected to it) and reinstalling your OS and software.

This is where imaging programs, like Microsoft's onboard version or Acronis, come in handy.

Post subject: Re: Nasty program called xVidly, how do I get rid of it?

Posted: Thu May 30, 2013 7:50 am

Patron of SPCR

Joined: Wed Dec 15, 2004 12:00 pm | Posts: 3307 | Location: Essex, England

Quote:

I wouldn't remove your hard disk (or SSD) and connect it to another PC because of the risk of infection.

The risk of infection is too tiny, it's barely worth mentioning.

Having personally used this approach on several thousand drives I had the machine I was virus scanning with infected once, so by my estimation the chances of infecting another machine with this approach is below 0.002%. The only way of a virus being executed in such a situation is to look at the folder the file is in or to actually double click onto it, because the machine you are scanning with is not infected there are no registry entries to point to the file. The thing to do is to hook up the infected drive (and make sure your BIOS boots to the correct drive and not the infected one), then simply go to Windows Explorer and right click on the appropriate drive(s) and select "scan" with whatever antivirus program you prefer (NOD32 is by far the best in my experience), or otherwise open up the virus scanner and run a scan that way - make sure the AV is up to date of course.

I don't have anything against live CDs, but as someone who does this on a daily basis I have no need for them at all, and also my experience proves beyond doubt that it's a very reliable method with almost no chance of cross-infection, I thought it should be mentioned.

Post subject: Re: Nasty program called xVidly, how do I get rid of it?

Posted: Thu May 30, 2013 8:47 am

Joined: Thu Jul 03, 2008 4:27 am | Posts: 1745 | Location: Switzerland

andyb wrote:

The only way of a virus being executed in such a situation is to look at the folder the file is in or to actually double click onto it, because the machine you are scanning with is not infected there are no registry entries to point to the file.

Obviously incorrect. And if this was correct the risk would be zero, not some small percentage.

D/K strikes again.

andyb wrote:

The risk of infection is too tiny, it's barely worth mentioning.

And how did you quantify it? If you made this number up, you're pontificating irresponsibly. Why should you be trusted to determine whether malware is present on a system anyhow? What process do you use? Scanning with generic "anti-virus" software as you propose does not determine that a system has not been "infected".

There are operating systems such as some versions of Windows which are configured by default so that they can be taken over by malware designed to do so when you plug in a drive. If you connect an "infected" drive which contains malware designed to exploit such a vulnerability and if it is not patched or on your system, it will be reliably "infected".

Your system may be safe but some people reading you might be vulnerable. So please stop handing out dangerous advice.

Post subject: Re: Nasty program called xVidly, how do I get rid of it?

Posted: Thu May 30, 2013 9:34 am

Joined: Thu Nov 19, 2009 10:20 am | Posts: 571 | Location: Ottawa

HFat wrote:

There are operating systems such as some versions of Windows which are configured by default so that they can be taken over by malware designed to do so when you plug in a drive. If you connect an "infected" drive which contains malware designed to exploit such a vulnerability and if it is not patched or on your system, it will be reliably "infected".

Autorun of executables has been disabled by default since Vista and cannot even be enabled in Windows 7 and up except for CDROMs (it is still disabled by default on CDROMs). XP and Vista were patched over two years ago to have the Windows 7 behaviour. Autorun hasn't been an issue for Windows in quite some time.
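Added example, not part of any post in this thread: a way to check, before browsing a drive attached from a suspect machine, whether its root holds an `autorun.inf` and which programs that file would ask Windows AutoRun to launch. The function name, the sample file contents and the temporary directory standing in for the mounted volume are constructed for illustration; the file is only read as text and nothing on the drive is executed.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")


def find_autorun_commands(volume_root):
    """Return (key, command) pairs from autorun.inf in the volume root."""
    # File names are case-insensitive on FAT/NTFS, so match any casing.
    name = next((n for n in os.listdir(volume_root)
                 if n.lower() == "autorun.inf"), None)
    if name is None:
        return []
    with open(os.path.join(volume_root, name), "rb") as fh:
        text = fh.read().decode("latin-1")  # untrusted bytes; never raises
    hits, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                hits.append((key, value))
    return hits


def demo():
    """Run the check against a constructed autorun.inf in a temp directory."""
    sample = ("[AutoRun]\r\n"
              "; constructed sample, not taken from real malware\r\n"
              "OPEN=setup.exe /s\r\n"
              "icon=drive.ico\r\n"
              "shell\\explore\\command=hidden\\run.exe\r\n")
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        return find_autorun_commands(root)


if __name__ == "__main__":
    for key, command in demo():
        print(f"{key} -> {command}")
```

An empty result means no launch entries were found in the root `autorun.inf`; it says nothing about other files on the drive, which still need a scan.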

Post subject: Re: Nasty program called xVidly, how do I get rid of it?

Posted: Thu May 30, 2013 11:37 am

Patron of SPCR

Joined: Wed Dec 15, 2004 12:00 pm | Posts: 3307 | Location: Essex, England

Quote:

And if this was correct the risk would be zero, not some small percentage.

Please either cite evidence or a personal example that proves that my example is inferior, otherwise your statement is as worthless as it seems compared to my example of scanning PCs for viruses in such a manner for 10 years with a single example of the machine doing the scanning being infected (I can't remember how I infected the scanning machine, it was about 7-8 years ago).

Quote:

There are operating systems such as some versions of Windows which are configured by default so that they can be taken over by malware designed to do so when you plug in a drive. If you connect an "infected" drive which contains malware designed to exploit such a vulnerability and if it is not patched or on your system, it will be reliably "infected".

That is why we never use "connectable" drives. e.g. USB, PATA or SATA drives are not "connected" after the system boots, they are already connected which does not cause the OS to automatically "load viruses" from the drive that has just been "connected". Perhaps one day you might try this yourself.

Quote:

Your system may be safe but some people reading you might be vulnerable. So please stop handing out dangerous advice.

Please don't insult the intelligence of the people reading this, the people on this forum have far superior mental ability than those on other forums.
